lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 3 Jan 2018 14:16:21 +1100
From:   Dave Chinner <david@...morbit.com>
To:     Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:     "Darrick J. Wong" <darrick.wong@...cle.com>,
        Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
        linux-integrity <linux-integrity@...r.kernel.org>,
        linux-security-module <linux-security-module@...r.kernel.org>,
        Jan Kara <jack@...e.com>, Theodore Ts'o <tytso@....edu>,
        Chris Mason <clm@...com>,
        Christoph Hellwig <hch@...radead.org>,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        Dmitry Kasatkin <dmitry.kasatkin@...wei.com>,
        xfs <linux-xfs@...r.kernel.org>
Subject: Re: [PATCHv6 1/1] ima: re-introduce own integrity cache lock

On Tue, Jan 02, 2018 at 09:52:03PM -0500, Mimi Zohar wrote:
> On Tue, 2018-01-02 at 17:40 -0800, Darrick J. Wong wrote:
> > [might as well cc linux-xfs]
> > 
> > On Thu, Dec 14, 2017 at 12:22:37AM +0200, Dmitry Kasatkin wrote:
> > > Hi,
> > > 
> > > Could I ask FS maintainers to test IMA with this patch additionally
> > > and provide ack/tested.
> > > We tested but may be you have and some special testing.
> > 
> > Super-late to this party, but unless xfstests has automated tests to
> > set up IMA on top of an existing filesystem then I most likely have no
> > idea /how/ to test IMA.  I did a quick grep of xfstests git and I don't
> > see anything IMA-related.
> 
> Back in June I posted a simple xfstests IMA-appraisal test (https://ma
> rc.info/?l=linux-fsdevel&m=149703820814885&w=4).

That's a really, really basic test and it doesn't exercise the
problematic direct IO path this patch fixes problems with. nor does
it exercise the chmod path, or try to trigger deadlocks or other
conditions through all the other paths that can trigger IMA actions
and or failures (e.g. ENOSPC).  IOWs, we need a lot more than a
"hello world" test to be able to verify filesystems interact with
IMA properly. e.g. how does it behave at ENOSPC? 

How do you test that IMA is fully working and has no regressions
during your development?  I'm sure there's more than a "hello world"
test for that....

Cheers,

Dave.
-- 
Dave Chinner
david@...morbit.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ